161 matches found
GHSA-GJ94-V4P9-W672 Denial-of-service vulnerability processing large chat messages containing many newlines
Impact PocketMine-MP caps maximum chat message length at 512 Unicode characters, or about 2048 bytes. No more than 2 chat messages may be sent per tick. However, due to legacy reasons, incoming chat message blobs are split by \n, and each part is treated as a separate message, the length of each...
Denial-of-service vulnerability processing large chat messages containing many newlines
Impact PocketMine-MP caps maximum chat message length at 512 Unicode characters, or about 2048 bytes. No more than 2 chat messages may be sent per tick. However, due to legacy reasons, incoming chat message blobs are split by \n, and each part is treated as a separate message, the length of each...
CVE-2021-43398
Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this...
gcc-toolset-10-binutils bug fix update
An update is available for gcc-toolset-10-binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Binutils is a collection of binary utilities, including ar fo...
USN-4979-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service system crash. CVE-2020-25670 Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel did n...
End of support for Office 2016 and Office 2019
None None...
openSUSE Security Update : opera (openSUSE-2020-917)
This update for opera fixes the following issues : Opera was updated to version 68.0.3618.104 - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138 - CVE-2020-6831, CVE-2020-6464 - DNA-85609 Mac Tabs shrinking & disappearing - DNA-85629 Crash at...
OPENSUSE-SU-2020:1064-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 bsc1173998: + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2020:0917-1 Rating: important References: Cross-References: CVE-2020-6464 CVE-2020-6831 Affected Products: openSUSE Leap 15.2:NonFree An update that fixes two vulnerabilities is now available. Description: This updat...
Citrix Workspace app 2006.1 for Windows takes long time to launch ICA session
Citrix Workspace app 2006.1 for Windows takes long time to launch ICA session, comparing toCitrix Workspace app 1912 for Windows. In a Fiddler trace captured during session launch, you will see wfica32 attempting to connect tolocus.analytics.cloud.com:443 but failing...
openSUSE Security Update : opera (openSUSE-2020-709)
This update for opera fixes the following issues : Opera was updated to version 68.0.3618.104 - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138 - CVE-2020-6831, CVE-2020-6464 - DNA-85609 Mac Tabs shrinking & disappearing - DNA-85629 Crash at...
PYSEC-2020-149
The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...
Control domain memory leak issue on Citrix Hypervisor 8.0 when GPU in use
1. Any operation on VMs start, shutdown, creating and removing snapshot etc. with GPU are extremely slow 2. Citrix Hypervisor 8.0 freezing when GPU in use...
PYSEC-2019-12
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
PYSEC-2019-82
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
openSUSE Security Update : spice (openSUSE-2019-167)
This update for spice fixes the following issues : Security issue fixed : - CVE-2019-3813: Fixed a out-of-bounds read in the memslotgetvirt function that could lead to denial-of-service or code-execution bsc1122706. Non-security issue fixed : - Include spice-server tweak to compensate for...
GHSA-GX96-VGF7-HWFG In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
DEBIAN-CVE-2018-8005
When there are multiple ranges in a range request, Apache Traffic Server ATS will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgra...
High CPU Utilization on PVS 7.6 Servers
PVS 7.6: High CPU Utilization...
SUSE-SU-2018:0582-1 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2)
This update for the Linux Kernel 4.4.103-9256 fixes several issues. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...